CN1181560A - Apparatus for authenticating user and method therefor - Google Patents
- Publication number
- CN1181560A
- Authority
- CN
- China
- Prior art keywords
- password
- card
- random number
- terminal
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- G06F15/00—Digital computers in general; Data processing equipment in general
- H04L63/0838—Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
- G06Q20/385—Payment protocols; Details thereof using an alias or single-use codes
- G06Q20/40975—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- H04L9/12—Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
- H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
- H04W12/068—Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
- H04W12/069—Authentication using certificates or pre-shared keys
Abstract
An apparatus for authenticating a user includes an integrated circuit (IC) card for storing a secret key for generating a one time password and also storing predetermined random numbers. A terminal includes a card receiver for receiving the IC card, a random number memory for reading and storing, and then deleting the random numbers of the IC card, a first password generator for generating a one time password using the secret key of the IC card and one of the random numbers, a first random number changer for changing the random number stored in the random number memory in a predetermined way and storing the changed value, and a display for displaying the password. A server receives the password and compares it with one which it generates from stored values in a similar way, for verification. It is possible to raise the security level by using a one time password in which a different password is used each time a user is authenticated, and to save costs by generating a one time password for each of various services with a single terminal.
Description
The present invention relates to a user authentication system, and more particularly to an apparatus and method for authenticating a user using a portable terminal and an integrated circuit (IC) card, which can show the account balance and transaction records of electronic money and can also generate a one-time password.
With the development of computers and communications, the spread of computer networks, and the development of integrated circuit (IC) cards having storage and computing capability, many applications have emerged that bring people much convenience. Electronic money, one application of the IC card, should be able to show the account balance and the transaction records of the electronic money.
In addition, a user can handle the money in his or her account without going to a bank, and can easily handle many matters by connecting from a remote computer at home. In this case, a service provider such as a bank or a network service provider must confirm whether the user requesting service is a legitimate user. If a person pretending to be a legitimate user succeeds because of a weak user authentication system, privacy is invaded and mental and material damage results. In particular, when the user requests service remotely, the service provider needs a method of confirming the user's identity without meeting the user.
To authenticate a user's identity, one can use something only the user knows, something only the user possesses, or a physical characteristic or habit unique to the user. The most basic and common method of authenticating a user's identity is the password. In the password method, the user's identity is confirmed by something only the user knows. That is, the user requesting service selects a password known only to him or her and registers it with the service provider (server). The user usually uses a string of several digits or letters as the password. When a user who wishes to be authenticated transmits the password to the server, the server compares the transmitted password with the initially registered password and authenticates the user.
To authenticate a user's identity more securely, a one-time password is recommended, in which the password changes each time the user wishes to be authenticated. In this method, because the password changes each time the user wishes to be authenticated, an unauthorized user cannot reuse a password that he or she has found out. Authenticating identity with a one-time password requires a device for generating the one-time password. If each user generates the one-time password with his or her own terminal, security increases because the user is authenticated simultaneously by something only the user knows and something only the user possesses.
Unlike an ordinary password, a one-time password needs a variable that changes every time in order to generate a different password each time. For this purpose, a method using a real time clock (RTC) and a challenge/response method using random numbers are employed.
In the user authentication method that uses the RTC as the variable, the terminal owned by the user is synchronized with the service provider's server. That is, when the user wishes to be authenticated, the user is authenticated by comparing the one-time password generated according to the time of the terminal with the password generated by the server at the same time.
In the challenge/response method using random numbers, a random number generator produces random numbers for generating the one-time password. When user authentication begins, the server generates random numbers and transmits them to the user. The terminal encrypts these random numbers with a secret number shared with the server, generates a one-time password, and transmits it to the server. The server generates a password using the same secret number shared with the terminal and the same random numbers it transmitted, and authenticates the user by comparing it with the password generated by the terminal.
However, the password method described above, currently the most widely used user authentication method, has many problems. A password of several digits or letters derived from personal information such as a telephone number, date of birth or ID number is easily discovered by others. When the user writes the password down somewhere so as not to forget it, it is easily discovered by others. When a user requesting service from a remote place transmits his or her password over a telephone line or network to be authenticated, it is easily exposed to others by wiretapping.
In the user authentication method using the RTC, the time of the terminal owned by the user must be synchronized with the time of the service provider's server in order to generate the one-time password and authenticate the user. If the terminal drifts out of synchronization with the server over time, even a legitimate user cannot be authenticated, because the password generated by the terminal differs from the password generated by the server. A special device is needed to synchronize the terminal with the server. Therefore, when a one-time password is used to strengthen user authentication in a conventional application service, a special server is needed to synchronize the time of the terminal with the time of the server, which imposes a large cost on the service provider. In addition, because the variable used to generate the password in the terminal is the real time clock, the terminal can generate a one-time password for only one service. When the user needs several application services, each service needs a separate terminal.
In the challenge/response method using random numbers described above, the random number transmitted by the server must be entered into the terminal to generate the one-time password. The terminal must therefore contain an input device. In addition, because a procedure is needed in which the server transmits the random number to the user and the user enters the random number into the terminal, the method takes a long time and is inconvenient for the user. Furthermore, this method cannot be used when the server cannot transmit the random number to the user.
An object of the present invention is to provide an apparatus for authenticating a user cheaply and securely using a portable terminal and an IC card, which can show the account balance and transaction records of electronic money and can generate a one-time password.
To achieve the above object, there is provided an apparatus for authenticating a user, comprising an integrated circuit (IC) card storing a secret key for generating a one-time password and predetermined random numbers, a terminal for generating a one-time password using the IC card as input, and a server for verifying the one-time password generated by the terminal. The terminal comprises: a card receiver for receiving and interfacing with the IC card and determining whether the IC card is being inserted for the first time; a random number memory for reading, storing, and then deleting the random numbers of the IC card when the IC card is first inserted into the card receiver; a first password generator for generating a one-time password by reading the secret key of the IC card and the random number stored in the random number memory; a first random number changer for changing the random number stored in the random number memory to a predetermined value when the first password generator generates a one-time password, and storing the changed value in the random number memory; and a display for displaying the results of the terminal and the server. The server comprises: a secret key memory storing a secret key and predetermined random number identical to the secret key and predetermined random number initially stored in the IC card; a second password generator for reading the secret key and predetermined random number stored in the secret key memory and generating a one-time password by the same method as the terminal; a second random number changer for changing the random number stored in the secret key memory to the same value as the random number changer of the terminal when the second password generator generates a one-time password, and storing the changed value in the secret key memory; a password receiver for receiving the one-time password generated by the terminal over a telephone line or a network; and a password verifier for checking whether the received password is identical to the generated password.
The IC card further comprises a card access key memory, which contains a public area that allows unconditional access and a private area that requires a card access key for access from outside, and which securely stores the card access key required to allow access to the private area, and a card access checker that decides whether to allow access to internal information by comparing a card access key input from outside with the card access key stored in the card access key memory. When the IC card is first inserted into the card receiver, the random number memory of the terminal reads the card access key and the random number of the IC card, stores them, and deletes the random number and the card access key from the public area of the IC card.
The first password generator of the terminal comprises a symmetric key encryption part that reads the secret key of the IC card and the random number of the random number memory and generates a cipher with a symmetric key encryption algorithm, a hash function part that transforms the cipher generated by the symmetric key encryption part with a one-way hash function to prevent reverse tracing of the secret key, and a format converter that converts the output of the hash function part into a predetermined format. The second password generator of the server comprises a symmetric key encryption part that reads the secret key and random number stored in the secret key memory and generates a cipher with a symmetric key encryption algorithm, a hash function part that uses a one-way hash function to prevent reverse tracing of the cipher generated by the symmetric key encryption part, and a format converter that converts the output of the hash function part into a predetermined format.
To achieve the above object, there is also provided a method of authenticating a user using a user authentication apparatus comprising an IC card storing a predetermined random number and a secret key for generating a one-time password, a terminal for generating a one-time password using the IC card as input, and a server storing a secret key and random number identical to those of the IC card and verifying the one-time password generated by the terminal. The method comprises the steps of: inserting the IC card into the terminal; determining whether the IC card is being inserted for the first time; initializing a predetermined service and generating a one-time password when the IC card is inserted for the first time, and generating a one-time password when the IC card is inserted at a later time; and receiving the one-time password generated by the terminal through a predetermined communication medium and verifying the one-time password. In the password generation step, initializing the service comprises the steps of: reading the random number of the IC card and storing it in the terminal; and deleting the random number from the IC card. In the password generation step, generating the one-time password comprises the steps of: reading the secret key of the IC card and the random number stored in the terminal; executing a symmetric key encryption algorithm with the secret key and random number as input; executing a one-way hash function on the output value of the symmetric key encryption algorithm; changing the random number to a predetermined value and storing it in the terminal; and converting the output of the one-way hash function into a predetermined format. The verification step comprises the steps of: receiving the one-time password generated by the terminal through the predetermined communication medium; reading the secret key and random number stored in the server; executing a symmetric key encryption algorithm with the secret key and random number as input; executing a one-way hash function on the output value of the symmetric key encryption algorithm; changing the random number to a predetermined value and storing it in the terminal; converting the output of the one-way hash function into a predetermined format; and authenticating the user if the value in the predetermined format is identical to the received one-time password, and not authenticating the user if it differs.
When the IC card contains a private area and a public storage area and holds the card access key required to access the private area, initializing the service in the password generation step comprises the steps of: reading the random number and the card access key, which allows access to the private area, from the public area of the IC card and storing them in the terminal; and deleting the random number and the card access key from the public area of the IC card. In the password generation step, reading the secret key of the IC card comprises the steps of: inputting the card access key stored in the terminal to the IC card; checking whether the card access key input to the IC card is identical to the card access key in the private area of the IC card and, if they are identical, allowing access to the card; and reading the secret key of the IC card if access is allowed by the card access key check.
When the terminal and the server each contain a counter for synchronizing the terminal with the server, generating the one-time password in the password generation step comprises the step of changing the random number and the counter value to predetermined values and storing them in the terminal. Generating the one-time password in the password generation step also comprises the steps of: inserting the counter value into the password bit stream generated by executing the one-way hash function on the output of the symmetric key encryption algorithm; and converting the password bit stream with the counter value inserted into a predetermined format. The receiving step of the verification step further comprises the steps of: extracting the counter value from the received one-time password; comparing the counter value extracted in the extracting step with the counter value in the server; and, when the counter values are not equal in the comparing step, making the counter value of the counter equal and changing the random number to the random number corresponding to that counter value. The step of changing the random number in the verification step changes the random number to a predetermined value and stores it in the terminal. The converting step of the verification step comprises the steps of: executing the one-way hash function and inserting the counter value into the output password bit stream; and converting the password value with the counter value inserted into a predetermined format.
The above objects and advantages of the present invention will become clearer from a detailed description of a preferred embodiment with reference to the attached drawings.
Fig. 1 is a block diagram showing the structure of an apparatus for authenticating a user according to the present invention;
Fig. 2 is the detailed block diagram of the first password generator;
Fig. 3 is the detailed block diagram of the second password generator;
Fig. 4 is a flowchart of the overall operation of the apparatus for authenticating a user according to the present invention;
Fig. 5 is a flowchart of the service initialization process;
Fig. 6 is a detailed flowchart of the one-time password generation of Fig. 4;
Fig. 7 is a flowchart of the process of verifying the password that the user transmits to the service provider's server.
The present invention will now be described in detail with reference to the attached drawings. Referring to Fig. 1, an apparatus for authenticating a user according to the present invention comprises an IC card 100 that securely stores and carries secret information, a subminiature portable terminal 120 that generates a one-time password for confirming the user's identity and shows the account balance of electronic money, and a server 140 that verifies the one-time password generated by the terminal 120 and provides service.
The IC card 100 stores the predetermined random number and the secret key used to generate the one-time password. The IC card 100 comprises a public area 106 that allows access from outside, a private area 108 that requires a card access key for access from outside, a card access key memory 102 that stores the card access key required to access the private area 108, and a card access checker 104 that compares a card access key input from outside with the card access key stored in the card access key memory 102 (for example, the private area) and decides whether to allow access to internal information. Because the storage capacity of the IC card 100 is much larger than that of a conventional magnetic card, the IC card 100 can be used as an ID card or electronic money and can store much information that the user cannot remember. In addition, because the card access key of the IC card 100 is required to read the data in the IC card, others cannot easily obtain the user's personal information even if the user loses the IC card.
The terminal 120 receives the IC card 100 and generates a one-time password. The terminal 120 comprises a card receiver 121, a random number memory 122, a first password generator 123, a first random number changer 124, a display 125, a query part 126, a counter memory 127 and a counter changer 128.
The first password generator 123 reads the secret key of the IC card 100 and the random number stored in the random number memory 122, and generates a one-time password by a predetermined method. As shown in Fig. 2, the first password generator 123 comprises a symmetric key encryption part 200, a hash function part 210, and a first format conversion part 220. The symmetric key encryption part 200 reads the secret key of the IC card 100 and the random number stored in the random number memory 122, and generates a cipher with a symmetric key encryption algorithm. The hash function part 210 prevents an unauthorized user from tracing back the secret key and the random number by transforming the cipher generated by the symmetric key encryption part 200 with a one-way hash function. The first format conversion part 220 converts the password bit stream output from the hash function part 210 into a predetermined format that the user can easily read. The first format conversion part 220 comprises a counter inserter 222 that inserts the value of the counter memory 127 into the password bit stream, and a format converter 224 that converts the password bit stream output from the counter inserter 222 into the predetermined format that the user can easily read. The counter inserter 222 can additionally insert a protocol type selection (PTS) bit indicating the protocol among a plurality of algorithms for generating one-time passwords. The format converter 224 preferably converts the binary bit stream into a decimal number that the user can easily read.
After the first password generator 123 has generated a one-time password, the first random number changer 124 changes the random number stored in the random number memory 122 to a predetermined value and stores the changed random number in the random number memory 122. The display 125 displays the password generated by the first password generator 123. A liquid crystal display (LCD) is recommended as the display 125.
The account balance and the transaction record of query portion 126 expression IC-cards 100.Counter memory 127 is preserved Counter Value so that terminal 120 and server 140 is synchronous.No matter when having produced the disposable counter change device 128 that accesses to your password becomes Counter Value one predetermined value and deposits value in counter memory 127.
The secret key memory 141 stores a secret key and a random number identical, respectively, to the secret key and the predetermined random number initially stored in the IC card 100.
The second password generator 144 reads the key and the random number stored in the key memory 141, and generates a one-time password by the same predetermined method as the terminal 120. As shown in Figure 3, the second password generator 144 comprises a symmetric-key encryption part 300, a hash function part 310, and a second format conversion part 320. The symmetric-key encryption part 300 reads the key and the random number stored in the key memory 141, and produces a cipher with a symmetric-key encryption algorithm. The hash function part 310 transforms the cipher produced by the symmetric-key encryption part 300 with a one-way hash function, which prevents an unauthorized user from tracing back the key and the random number. The second format conversion part 320 converts the password bit stream output by the hash function part 310 into a predetermined format. It comprises a counter inserter 322, which inserts the counter value of the counter memory 145 into the password bit stream, and a format converter 324, which converts the password bit stream output by the counter inserter 322 into the predetermined user-readable format. The format converter 324 preferably converts the binary bit stream into a decimal number that the user can easily read.
The second random number changer 143 changes the random number in the key memory 141 to the same value as that produced by the first random number changer 124 of the terminal 120, and stores the changed value in the key memory 141 after the second password generator 144 has generated a one-time password. The password receiver 142 receives, over a telephone line or a predetermined network, the one-time password identical to the password shown on the display 125 of the terminal 120.
The password verifier 147 verifies the one-time password by checking whether the received password is identical to the generated password. The counter memory 145 stores the counter value used to synchronize the terminal 120 with the server 140. Whenever a one-time password is generated, the counter changer 146 changes the counter value to a predetermined value and stores it in the counter memory 145.
The operation of the user authentication apparatus and the method according to the present invention are described below. The present invention uses a one-time password that changes every time a user is authenticated. A key, a random number and a counter are the variables used to generate the one-time password. The key, which the symmetric-key encryption algorithm uses as the secret value for encryption, is stored in each user's IC card 100. The random number, which makes each generated password different, is stored in the IC card, is transferred to and stored in the portable terminal 120 during service initialization, and is then deleted from the IC card. The counter that synchronizes the terminal 120 with the server 140 is kept in the terminal 120. The one-time password is generated with the random number and the counter kept in the terminal 120. A user who wishes to be authenticated by different servers needs an IC card for each server, but only one terminal.
Including the counter value in the password when the one-time password is generated makes it possible to synchronize the terminal 120 and the server 140. The server 140 extracts the counter value from the password received from the user, synchronizes with the terminal, generates a password with the key and the random number it shares with the terminal, and checks whether the generated password matches the password received from the user. Synchronizing the terminal and the server is therefore easy even when only the terminal's counter has changed, that is, when the user has happened to change the terminal's counter value and the server's counter has not changed. In addition, the IC card can require a card access key to be presented before the information stored in the private area 108 of the card is read. Because only an authenticated user can read the private area of the card with the card access key, the user's personal information can be stored safely.
The operation of the present invention is now described in more detail. The user authentication apparatus according to the present invention has functions for querying the account balance and transaction details, initializing a service so that one-time passwords can be generated, generating a one-time password, and verifying the one-time password in the server.
Referring to Fig. 4, authenticating a user with a one-time password in the present invention proceeds in three stages: initializing the service when the user inserts the IC card into the terminal to obtain a service (step 470), generating a one-time password in the terminal (step 430), and verifying the user's password in the server (step 450).
To obtain the service he or she wants, the user inserts the IC card into the card receiver 121 of the terminal 120 (step 400). When the IC card is inserted, the card receiver of the terminal 120 determines the type of the IC card and checks whether the IC card 100 is being inserted for the first time or has been inserted before and already initialized (step 410). If the IC card is being inserted for the first time, the initialization process is carried out (step 470). When an IC card that has already been initialized is inserted, it is determined whether a one-time password is to be generated (step 420). Typically, the process ends when only the account balance is queried (step 460). A user who wants to be authenticated operates the terminal to generate a one-time password (step 430). The terminal 120 presents to the IC card 100 the card access key it received during the initialization process, reads the secret value (the key of the symmetric encryption algorithm) from the card, and generates a one-time password (step 430). When the user passes the result to the server 140 (step 440), the server 140 verifies it (step 450).
Fig. 5 shows the service initialization process (step 470) in detail. The service initialization process (step 470), carried out after the user inserts the IC card 100 into the terminal 120 for the first time (step 400 of Fig. 4), transfers to the terminal the random number that is essential to user authentication and the card access key needed to read the key in the private area of the user's IC card, both of which are stored in the public area of the IC card, and deletes the random number and the card access key from the public area. At this point, the terminal 120 determines that the IC card 100 is being inserted for the first time and carries out the initialization process. The terminal 120 reads the random number and the card access key stored in the public area of the IC card 100 (step 510), stores them in the random number memory 122 of the terminal 120 (step 520), and deletes the random number and the card access key from the public area of the IC card 100 (step 530). Consequently, after initialization only the key remains, stored in the secure private area of the IC card.
The information on the IC card that shows the account balance is open to everyone. The card access key is required to read the key used for user authentication, which is stored in the private area. After the service initialization process has been carried out, the key of the IC card can be read only by the terminal that performed the initialization. The user can generate one-time passwords for several services with a single terminal. The terminal allocates a separate storage space to each service, and the information needed to authenticate the user for each service is stored in that space.
Fig. 6 shows in detail the operation of the one-time password generation step 430 of Fig. 4. The one-time password is generated from the key (the key of the symmetric-key encryption algorithm) shared by the IC card 100 and the server 140 and from the random number shared by the terminal 120 and the server 140. When the user inserts the IC card into the terminal (step 400 of Fig. 4) and instructs the terminal to generate a one-time password, the symmetric-key encryption part 200 of the first password generator 123 of the terminal 120 reads the key from the IC card 100 and the random number and counter value from the random number memory 122 (step 610), and produces a cipher from the values read with a symmetric-key encryption algorithm (step 620). The hash function part 210 then applies the one-way hash function to the resulting binary value (step 630). The one-way hash function prevents anyone attempting unauthorized access from learning anything about the secret values from the resulting one-time password.
Because the output of the one-way hash function cannot be used directly as a one-time password, it is transformed by a conversion algorithm (step 680). First, the binary result, which is unfamiliar to the user, is converted into a decimal number that the user can handle easily. The one-time password in decimal form is shown on the display 125 (step 690). Because the binary output of the one-way hash function is very large (for example, a binary number of more than 64 bits), it must be reduced to a number of a size that can be shown on the terminal display 125 (for example, a binary number of about 26 bits when an 8-digit decimal number is used as the one-time password).
The conversion algorithm (step 680) uses the output of the one-way hash function, the counter value and the protocol type selection (PTS). To synchronize the terminal 120 and the server 140, the counter inserter 222 inserts the PTS and the counter value N into the bit stream of the one-time password. For example, a 26-bit password can be divided into a region for the result of the one-way hash function, a region for the counter value N, and a region for the PTS. The PTS is needed when the server distinguishes among several one-time password generation algorithms.
Each time a password is generated, the counter value N is decremented by one (step 650), and it is checked whether the decremented value is 0 (step 640). When the value is 0, the process returns to the initial stage. The random number is normally incremented by one, and is initialized when N is 0. The random number read from the IC card during service initialization is used only to generate the first password; after that, the random number is incremented by one each time a password is generated (step 650). When the counter value N is 0, a random number produced during password generation (for example, the result of the symmetric-key encryption algorithm) is set as the initial value of the random number. That is, passwords are generated by incrementing the random number (step 650), and a new random number is set when the counter value N is 0 (step 660). After a password is generated, the random number RN and the counter value N are stored in the random number memory 122 (step 670).
Fig. 7 is a flowchart of the process by which the service provider's server 140 verifies the password transmitted by the user. The server 140 receives, through the password receiver 142, the one-time password transmitted by the user (step 700). The server then extracts the counter value from the received data bit stream with the counter extractor 148 and synchronizes with the terminal 120. Using the synchronized random number and the key, the server 140 generates a one-time password by the same method as the terminal (step 720). Because the generation process is the same as in the terminal, its description is omitted. The generated one-time password is then compared with the one-time password produced by the user (step 730). If the two passwords match, the user's identity is authenticated (step 770).
If the password transmitted by the user does not match the password generated by the server 140, either an unauthorized person is attempting to use the card or the user's terminal 120 is not synchronized with the server 140. If the one-time password transmitted by a legitimate user does not match the password generated by the server 140, either the user has made a mistake or the counter value of the terminal 120 differs from the counter value of the server 140. Moreover, even when the counter value of the terminal 120 equals the counter value of the server 140, the passwords may still differ because the random numbers differ when the two counters are in different periods of N. To compensate, the server 140 advances the counter value and the random number, computes passwords in units of the counter period, and compares them with the password transmitted by the user. To compute the password N passwords ahead, the server 140 does not need to compute all N passwords: because only one additional computation, which sets a new random number when N is 0, is required, a large amount of calculation is unnecessary (step 760). When the password N passwords ahead does not match the password transmitted by the user, the password a further N passwords ahead must be computed. If necessary, the number of times this process is repeated can be set (step 740). If the password transmitted by the user does not match a password of the server within the specified limit, the server judges that an unauthorized person is making the attempt and denies service (step 750).
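The generation steps of Fig. 6 and the server-side resynchronization of Fig. 7, as an added example that is not code from the patent. The patent names no cipher or hash, so a toy 8-round Feistel cipher and SHA-256 stand in for them; the split of the 26-bit password into 1 PTS bit, a 6-bit counter and 19 hash bits, the period of 63, and all class and function names are assumptions.

```python
import hashlib
import hmac

PERIOD = 63               # assumed counter period: N runs 63..1 (6-bit field)
PTS = 0                   # assumed protocol type selection bit
MASK64 = (1 << 64) - 1


def encrypt(key, block):
    """Stand-in symmetric cipher: 64-bit, 8-round Feistel (not a vetted cipher)."""
    left, right = block >> 32, block & 0xFFFFFFFF
    for rnd in range(8):
        f = hashlib.sha256(key + bytes([rnd]) + right.to_bytes(4, "big")).digest()
        left, right = right, left ^ int.from_bytes(f[:4], "big")
    return (left << 32) | right


def format_otp(key, rn, n, pts=PTS):
    """Steps 620-690: encrypt RN, hash, insert PTS and N, emit 8 decimal digits."""
    cipher = encrypt(key, rn & MASK64)
    digest = hashlib.sha256(cipher.to_bytes(8, "big")).digest()
    h19 = int.from_bytes(digest[:3], "big") >> 5       # keep 19 bits of the hash
    bits = (pts << 25) | (n << 19) | h19               # 1 + 6 + 19 = 26 bits
    return f"{bits:08d}"


def advance(key, rn, n):
    """Steps 640-670: N-1 and RN+1; when N reaches 0, reseed RN from the cipher."""
    if n - 1 == 0:
        return encrypt(key, rn & MASK64), PERIOD
    return (rn + 1) & MASK64, n - 1


class Terminal:
    def __init__(self, key, rn):
        self.key, self.rn, self.n = key, rn, PERIOD

    def generate(self):
        otp = format_otp(self.key, self.rn, self.n)
        self.rn, self.n = advance(self.key, self.rn, self.n)
        return otp


class Server:
    def __init__(self, key, rn, max_periods=2):
        self.key, self.rn, self.n = key, rn, PERIOD
        self.max_periods = max_periods          # step 740: how far to search

    def verify(self, otp):
        if len(otp) != 8 or not (otp.isascii() and otp.isdigit()):
            return False
        if int(otp) >= 1 << 26:
            return False
        n_recv = (int(otp) >> 19) & 0x3F        # counter extracted from password
        if not 1 <= n_recv <= PERIOD:
            return False
        rn, n = self.rn, self.n                 # work on a copy until accepted
        for _ in range(self.max_periods + 1):
            if n_recv <= n:                     # terminal is ahead in this period
                cand = (rn + (n - n_recv)) & MASK64
                if hmac.compare_digest(format_otp(self.key, cand, n_recv), otp):
                    self.rn, self.n = advance(self.key, cand, n_recv)
                    return True
            # Step 760: jump to the next period with a single encryption.
            rn, n = encrypt(self.key, (rn + n - 1) & MASK64), PERIOD
        return False                            # step 750: deny service


def demo():
    key, rn0 = b"constructed-demo-key", 0x1122334455667788   # constructed values
    terminal, server = Terminal(key, rn0), Server(key, rn0)
    first = terminal.generate()
    ok_first = server.verify(first)
    replay = server.verify(first)               # same password again: rejected
    for _ in range(70):                         # 70 passwords generated, never sent
        terminal.generate()
    ok_resync = server.verify(terminal.generate())   # crosses a counter period
    return first, ok_first, replay, ok_resync


if __name__ == "__main__":
    print(demo())
```

In this assumed layout only 19 bits of each password are unpredictable, and every extra period the server searches adds one more acceptable value for a given counter, so the repeat limit of step 740 bounds guessing as well as resynchronization.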
As described above, the security level can be raised by additionally using a password memorized by the user for authentication, rather than only the user's IC card 100 and portable terminal 120. If the user loses the IC card 100 and the terminal 120, someone who knows the user's personal information could be authenticated after obtaining them. Adding to the authentication system a step that verifies a password memorized only by the user gives more secure user authentication. That is, to be verified as a legitimate user, the user must have a password memorized only by the user, an IC card possessed only by the user, and the portable terminal that generates the one-time password.
As described above, the user generates one-time passwords with the terminal. The terminal holds a key, unique to each user, for generating distinct one-time passwords. The server must also hold this key in order to verify the one-time password transmitted by the user. The key can be inserted into the terminal by the factory at manufacture. However, it is recommended that the key be inserted into the terminal only when a service provider registers the user. The service provider generates a key for the terminal, inserts it into the terminal by means of the IC card, and registers it in the server.
In this way, no extra key insertion step is needed when the terminal is manufactured, so productivity improves when terminals are mass-produced in a factory. In addition, the key used for user authentication is known only to the service provider, so it is safe and is not disclosed. Here, the terminal manufacturer or the service provider configures the terminal before providing it to the user.
The present invention raises the security level by using a one-time password that changes each time a user is authenticated.
In the present invention, a correct one-time password is generated only when the IC card 100 possessed by the user and the terminal 120 possessed by the user match, so the security level is far higher than that of conventional user authentication methods: even if an unauthorized user obtains a legitimate user's terminal or IC card, he or she cannot generate a correct password. In addition, because a step that verifies a password memorized only by the user is added to the authentication process, the password, the IC card and the terminal that generates the user's password are all necessary conditions for verifying a legitimate user.
In the present invention, the user generates one-time passwords with his or her IC card and portable terminal, and a card access key is set for reading the information stored in the IC card and protecting the user's personal information. Exposure of personal information is thus prevented, and one terminal can generate one-time passwords for multiple services.
Because it uses a random number for generating one-time passwords and a counter for synchronizing the user's terminal with the service provider's server, the present invention is easy to implement as software in a conventional user authentication system. User authentication can therefore be strengthened cost-effectively, without additional expense for the service provider.
The user authentication apparatus and method of the present invention can be used wherever users must be authenticated, such as telephone banking, home shopping, banking using a PC, and paid PC communication and network services. In particular, the user does not need to visit the service provider in person to register for a service. The user applies to a service provider for a service, receives an IC card from the service provider by mail, obtains a terminal from a shop, and is authenticated securely. This is very convenient when it is difficult for the user to visit the service provider. In addition, the service provider does not need to deal with many users face to face in order to provide the service on a large scale.
The terminal used in the present invention can generate one-time passwords and can show the account balance and transaction records of electronic money in a general-purpose IC card. Considering that the use of electronic money is expected to spread rapidly, the terminal of the present invention is very useful.
Claims (12)
1. An apparatus for authenticating a user, comprising:
An integrated circuit (IC) card for storing a key used to generate a one-time password and a predetermined random number;
A terminal that generates a one-time password using the IC card as an input; and
A server for authenticating the one-time password generated by the terminal,
Wherein the terminal comprises:
A card receiver for receiving and interfacing with the IC card, and for determining whether the IC card is being input for the first time;
A random number memory for reading and storing the random number of the IC card, and then deleting the random number from the IC card, when the IC card is inserted into the card receiver for the first time;
A first password generator for generating a one-time password by reading the key stored in the IC card and the random number stored in the random number memory;
A first random number changer for changing the random number stored in the random number memory to a predetermined value, and storing the changed value in the random number memory, when a one-time password is generated by the first password generator; and
A display for showing results of the terminal and the server, and
Wherein the server comprises:
A key memory for storing a key and a predetermined value identical to the key and the predetermined value initially stored in the IC card;
A second password generator for reading the key and the random number stored in the key memory, and generating a one-time password by the same method as that used by the terminal;
A second random number changer for changing the random number stored in the key memory to a number identical to that of the random number changer in the terminal, and storing the changed value in the key memory, when a one-time password is generated by the second password generator;
A password receiver for receiving the one-time password generated by the terminal through a telephone line or a network; and
A password verifier for verifying whether the received password is identical to the generated password.
2. The apparatus for authenticating a user as claimed in claim 1, wherein the IC card is used as an ID card and as electronic money, and securely stores a password value used to authenticate a user.
3. The apparatus for authenticating a user as claimed in claim 1, wherein the key of the terminal is initially inserted into the terminal by a service provider during user registration.
4. The apparatus for authenticating a user as claimed in claim 1, wherein the IC card further comprises:
A card access key memory, comprising a public area to which access is unconditionally allowed and a private area for which a card access key is required to allow access from outside, for securely storing the card access key required to access the private area; and
A card access arbiter for determining whether to allow access to internal information by comparing the card access key input from outside with the card access key stored in the card access key memory, and
Wherein, when the IC card is inserted into the card receiver for the first time, the random number memory of the terminal reads and stores the random number and the card access key of the IC card, and deletes the random number and the card access key from the public area of the IC card.
5. The apparatus for authenticating a user as claimed in claim 1, wherein the terminal further comprises a query part for querying the account balance and transaction records in the IC card.
6. The apparatus for authenticating a user as claimed in claim 4, wherein the first password generator of the terminal comprises:
A symmetric-key encryption part for reading the key of the IC card and the random number of the random number memory, and producing a cipher using a symmetric-key encryption algorithm;
A hash function part for transforming the cipher produced by the symmetric-key encryption part with a one-way hash function, to prevent the key from being traced back; and
A format converter for converting the password output from the hash function part into a predetermined format, and
Wherein the second password generator of the server comprises:
A symmetric-key encryption part for reading the key and the random number stored in the key memory, and producing a cipher using a symmetric-key encryption algorithm;
A hash function part for using a one-way hash function to prevent the key from being traced back from the cipher produced by the symmetric-key encryption part; and
A format converter for converting the password output from the hash function part into a predetermined format.
7. The apparatus for authenticating a user as claimed in claim 6, wherein the terminal and the server each further comprise:
A counter memory for storing a counter value for synchronizing the terminal with the server; and
A counter changer for changing the counter value to a predetermined value whenever a one-time password is generated, and storing the new value in the counter memory,
Wherein the format converter of the first password generator and the format converter of the second password generator each further comprise a counter inserter for inserting the counter value of the counter memory into the password bit stream output from the hash function part, and
Wherein the server further comprises:
A counter extractor for extracting a counter value from the one-time password received by the password receiver; and
A random number synchronizer for generating, when the counter value extracted by the counter extractor does not match the counter value of the server, a random number corresponding to the extracted counter value, and inputting it to the symmetric-key encryption part of the server.
8. The apparatus for authenticating a user as claimed in claim 7, wherein the format converter converts a binary number into a decimal number.
9. The apparatus for authenticating a user as claimed in claim 7, wherein the counter inserters of the terminal and the server each additionally insert a PTS bit indicating the protocol among more than one one-time password generation algorithm, the counter extractor of the server also extracts the PTS bit, and the first and second password generators generate the one-time password using the one-time password generation algorithm indicated by the PTS information.
10. A method of authenticating a user using a user authentication apparatus comprising an IC card storing a predetermined random number and a key for generating a one-time password, a terminal that generates a one-time password using the IC card as an input, and a server that stores a key and a random number identical to the key and the random number of the IC card and authenticates the one-time password generated by the terminal, the user authentication method comprising the steps of:
Inserting the IC card into the terminal;
Determining whether the IC card is being inserted into the terminal for the first time;
When the IC card is being inserted for the first time, initializing a predetermined service and generating a one-time password, and when the IC card is not being inserted for the first time, generating a one-time password; and
Receiving the one-time password generated by the terminal through a predetermined communication medium, and verifying the one-time password,
Wherein, in the password generating step, the step of initializing a service comprises the steps of:
Reading the random number in the IC card and storing it in the terminal; and
Deleting the random number from the IC card,
Wherein, in the password generating step, the step of generating a one-time password comprises the steps of:
(a) reading the key of the IC card and the random number stored in the terminal;
(b) performing a symmetric-key encryption algorithm using the key and the random number as inputs;
(c) performing a one-way hash function on the value output from the symmetric-key encryption algorithm;
(d) changing the random number to a predetermined value and storing it in the terminal; and
(e) converting the output of the one-way hash function into a predetermined format, and
Wherein the verifying step comprises the steps of:
Receiving the one-time password generated by the terminal through a predetermined communication medium;
Reading the key and the random number stored in the server;
Performing a symmetric-key encryption algorithm using the key and the random number as inputs;
Performing a one-way hash function on the value output from the symmetric-key encryption algorithm;
Changing the random number to a predetermined value and storing it in the terminal;
Converting the output of the one-way hash function into a predetermined format; and
Authenticating the user if the predetermined format is identical to the received one-time password, and not authenticating the user if they differ.
11. The method of authenticating a user as claimed in claim 10, wherein, when the IC card further comprises a card access key required to access a private area, the step of initializing a service in the password generating step comprises the steps of:
Reading, from the public area of the IC card, the random number and a card access key for allowing access to the private area, and storing them in the terminal; and
Deleting the random number and the card access key from the public area of the IC card, and
Wherein step (a) of reading the key of the IC card in the password generating step comprises the steps of:
Inputting the card access key stored in the terminal to the IC card;
Checking whether the card access key input to the IC card is identical to the card access key in the private area of the IC card and, if they are identical, allowing access to the card; and
Reading the key of the IC card when access is allowed in the step of checking the card access key.
12. A method for authenticating a user as claimed in claim 11, when each of said terminal and said server further comprises a counter for synchronizing the terminal with the server, wherein said step (d) of said password generating step of generating a one-time password comprises the step of changing said random number and said counter value into predetermined values and storing them in the terminal,
wherein said step (e) of said password generating step of generating the one-time password comprises the steps of:
inserting said counter value into the password bit stream generated by said step (c) of performing a one-way hash function on a value output by said symmetric key encryption algorithm; and
converting the password bit stream into which said counter value is inserted into a predetermined format,
wherein said receiving step in said verification step further comprises the steps of:
extracting a counter value from the received one-time password;
comparing the counter value extracted in said extracting step with the counter value of said server; and
when the counter values are not equal in said comparing step, making the counter value of said counter equal and changing said random number into a random number corresponding to said counter value,
wherein said step of changing said random number in said verification step changes said random number into a predetermined value and stores it in the terminal, and
the converting step in said verification step comprises the steps of:
performing said one-way hash function and inserting said counter value into the output password bit stream; and
converting the password value into which said counter value is inserted into a predetermined format.
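The counter resynchronisation recited in claim 12, shown as an added Python example that is not part of the patent text. Assumptions: HMAC-SHA256 stands in for the symmetric key encryption step, SHA-256 is the one-way hash, the random number advances by 1 per password, the counter travels as a two-digit prefix, and the resync window and all class and function names are hypothetical.

```python
import hashlib
import hmac

COUNTER_MOD = 100   # counter is carried as two decimal digits (assumption)
CODE_DIGITS = 6     # digits taken from the hash output (assumption)
MAX_RESYNC = 20     # how many skipped passwords the server tolerates (assumption)
RND_MOD = 2 ** 64


def derive_code(secret: bytes, rnd: int) -> str:
    """Keyed transform of the random number, then a one-way hash, then a
    fixed decimal format. HMAC-SHA256 replaces the claim's symmetric cipher."""
    keyed = hmac.new(secret, rnd.to_bytes(8, "big"), hashlib.sha256).digest()
    digest = hashlib.sha256(keyed).digest()
    value = int.from_bytes(digest[:4], "big") % 10 ** CODE_DIGITS
    return f"{value:0{CODE_DIGITS}d}"


class Terminal:
    """Holds the secret key, random number and counter read from the card."""

    def __init__(self, secret: bytes, rnd: int, counter: int = 0):
        self.secret, self.rnd, self.counter = secret, rnd, counter

    def generate(self) -> str:
        # Insert the counter value into the password, then update and store
        # the random number and counter for the next password.
        otp = f"{self.counter:02d}" + derive_code(self.secret, self.rnd)
        self.rnd = (self.rnd + 1) % RND_MOD
        self.counter = (self.counter + 1) % COUNTER_MOD
        return otp


class Server:
    """Keeps the same secret, random number and counter for the user."""

    def __init__(self, secret: bytes, rnd: int, counter: int = 0):
        self.secret, self.rnd, self.counter = secret, rnd, counter

    def verify(self, otp: str) -> bool:
        if len(otp) != 2 + CODE_DIGITS or not otp.isdigit():
            return False
        received = int(otp[:2])          # extract the counter value
        gap = (received - self.counter) % COUNTER_MOD
        if gap > MAX_RESYNC:
            # Counter is behind the server (replayed password) or implausibly
            # far ahead: refuse instead of resynchronising.
            return False
        # Random number corresponding to the received counter value.
        rnd = (self.rnd + gap) % RND_MOD
        expected = f"{received:02d}" + derive_code(self.secret, rnd)
        if not hmac.compare_digest(expected, otp):
            # Choice made in this example: state is committed only after a
            # match, so a forged counter cannot desynchronise the server.
            return False
        self.rnd = (rnd + 1) % RND_MOD
        self.counter = (received + 1) % COUNTER_MOD
        return True


def demo() -> list:
    secret = b"constructed-demo-key"     # constructed sample values
    terminal = Terminal(secret, rnd=12345)
    server = Server(secret, rnd=12345)
    results = []
    first = terminal.generate()
    results.append(server.verify(first))     # in sync: accepted
    results.append(server.verify(first))     # replay: rejected
    terminal.generate()                      # two passwords generated
    terminal.generate()                      # but never submitted
    results.append(server.verify(terminal.generate()))  # resync: accepted
    return results


if __name__ == "__main__":
    print(demo())
```

The replayed password fails because its embedded counter is now behind the server's, which falls outside the forward-only resync window.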
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR44125/96 | 1996-10-05 | ||
KR44125/1996 | 1996-10-05 | ||
KR1019960044125A KR100213188B1 (en) | 1996-10-05 | 1996-10-05 | Apparatus and method for user authentication |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1181560A | 1998-05-13 |
CN1197030C | 2005-04-13 |
Family
ID=19476333
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB971200408A Expired - Fee Related CN1197030C (en) | 1996-10-05 | 1997-10-05 | Apparatus for authenticating user and method therefor |
Country Status (7)
Country | Link |
---|---|
US (1) | US6067621A (en) |
JP (1) | JPH10171909A (en) |
KR (1) | KR100213188B1 (en) |
CN (1) | CN1197030C (en) |
DE (1) | DE19744106B4 (en) |
FR (1) | FR2754411B1 (en) |
GB (1) | GB2317983B (en) |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2005041481A1 (en) * | 2003-10-29 | 2005-05-06 | Hui Lin | A method of internet clearance security certification and ic card certification hardware |
WO2005041480A1 (en) * | 2003-10-29 | 2005-05-06 | Hui Lin | A method of mail server landing security certification and ic card certification hardware |
CN100343830C (en) * | 1998-07-16 | 2007-10-17 | 索尼公司 | Data storage equipment and data storage method |
CN100352172C (en) * | 2001-10-24 | 2007-11-28 | 中兴通讯股份有限公司 | Method of implementing two kind hand set compatible right discrimination mode in personal hand set system |
CN101273378A (en) * | 2005-08-11 | 2008-09-24 | 维萨国际服务协会 | Method and system for performing two factor mutual authentication |
CN100432889C (en) * | 2003-09-12 | 2008-11-12 | Rsa安全公司 | System and method providing disconnected authentication |
CN1961523B (en) * | 2004-02-23 | 2010-04-14 | 弗里塞恩公司 | Token provision |
CN1417741B (en) * | 2001-11-03 | 2011-05-11 | 李灵 | Two-way enciphering magnetic card anti-fake method |
CN101394411B (en) * | 2008-11-12 | 2011-08-17 | 北京飞天诚信科技有限公司 | Safe packet transmission system and method |
CN103475463A (en) * | 2013-08-19 | 2013-12-25 | 华为技术有限公司 | Encryption realization method and apparatus |
CN102272768B (en) * | 2009-01-05 | 2015-07-08 | 飞思卡尔半导体公司 | Method, system and integrated circuit for enabling access to a memory element |
Families Citing this family (267)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH1139260A (en) * | 1997-07-17 | 1999-02-12 | Canon Inc | User authenticating system, host computer, terminal device, authentication code generating method, recording medium |
FR2779018B1 (en) * | 1998-05-22 | 2000-08-18 | Activcard | TERMINAL AND SYSTEM FOR IMPLEMENTING SECURE ELECTRONIC TRANSACTIONS |
US6044471A (en) | 1998-06-04 | 2000-03-28 | Z4 Technologies, Inc. | Method and apparatus for securing software to reduce unauthorized use |
US6986063B2 (en) * | 1998-06-04 | 2006-01-10 | Z4 Technologies, Inc. | Method for monitoring software using encryption including digital signatures/certificates |
US20040225894A1 (en) * | 1998-06-04 | 2004-11-11 | Z4 Technologies, Inc. | Hardware based method for digital rights management including self activating/self authentication software |
US20040117628A1 (en) * | 1998-06-04 | 2004-06-17 | Z4 Technologies, Inc. | Computer readable storage medium for enhancing license compliance of software/digital content including self-activating/self-authenticating software/digital content |
US20040117644A1 (en) * | 1998-06-04 | 2004-06-17 | Z4 Technologies, Inc. | Method for reducing unauthorized use of software/digital content including self-activating/self-authenticating software/digital content |
US20040117663A1 (en) * | 1998-06-04 | 2004-06-17 | Z4 Technologies, Inc. | Method for authentication of digital content used or accessed with secondary devices to reduce unauthorized use or distribution |
US20040117664A1 (en) * | 1998-06-04 | 2004-06-17 | Z4 Technologies, Inc. | Apparatus for establishing a connectivity platform for digital rights management |
US20040117631A1 (en) * | 1998-06-04 | 2004-06-17 | Z4 Technologies, Inc. | Method for digital rights management including user/publisher connectivity interface |
US20040107368A1 (en) * | 1998-06-04 | 2004-06-03 | Z4 Technologies, Inc. | Method for digital rights management including self activating/self authentication software |
US6665800B1 (en) * | 1999-01-26 | 2003-12-16 | Dell Usa, L.P. | System and method for securing a computer system |
AU2878800A (en) | 1999-02-12 | 2000-08-29 | Allen Freudenstein | System and method for providing certification-related and other services |
GB9905056D0 (en) | 1999-03-05 | 1999-04-28 | Hewlett Packard Co | Computing apparatus & methods of operating computer apparatus |
IL128720A (en) * | 1999-02-25 | 2009-06-15 | Cidway Technologies Ltd | Method for certification of over the phone transactions |
JP4219561B2 (en) * | 1999-03-05 | 2009-02-04 | ヒューレット・パッカード・カンパニー | Smart card user interface for trusted computing platforms |
US6721891B1 (en) * | 1999-03-29 | 2004-04-13 | Activcard Ireland Limited | Method of distributing piracy protected computer software |
CN1384945A (en) * | 1999-05-25 | 2002-12-11 | 塞弗派澳大利亚有限公司 | System for handling network transactions |
US7631195B1 (en) * | 2006-03-15 | 2009-12-08 | Super Talent Electronics, Inc. | System and method for providing security to a portable storage device |
US7873837B1 (en) | 2000-01-06 | 2011-01-18 | Super Talent Electronics, Inc. | Data security for electronic data flash card |
JP3718382B2 (en) * | 1999-08-27 | 2005-11-24 | 株式会社日立製作所 | Method and system for managing information written to storage medium |
US7085931B1 (en) * | 1999-09-03 | 2006-08-01 | Secure Computing Corporation | Virtual smart card system and method |
US20020029200A1 (en) | 1999-09-10 | 2002-03-07 | Charles Dulin | System and method for providing certificate validation and other services |
JP2003521763A (en) * | 1999-09-24 | 2003-07-15 | メアリー マッケンニー | System and method for providing settlement service in electronic commerce |
US7290142B1 (en) * | 1999-09-28 | 2007-10-30 | Thomas Licensing | System and method for initializing a simple network management protocol (SNMP) agent |
US9430769B2 (en) | 1999-10-01 | 2016-08-30 | Cardinalcommerce Corporation | Secure and efficient payment processing system |
US7742967B1 (en) | 1999-10-01 | 2010-06-22 | Cardinalcommerce Corporation | Secure and efficient payment processing system |
FI19992343A (en) * | 1999-10-29 | 2001-04-30 | Nokia Mobile Phones Ltd | A method and arrangement for reliably identifying a user on a computer system |
KR20000006796A (en) * | 1999-11-03 | 2000-02-07 | 이병훈 | Eletro-payment methods using handphone |
KR20000017997A (en) * | 2000-01-03 | 2000-04-06 | 고문규 | System and method of user verification for electronic commerce using a wireless communication terminal |
ATE319103T1 (en) * | 2000-01-26 | 2006-03-15 | Em Microelectronic Marin Sa | METHOD FOR TESTING AN INTEGRATED CIRCUIT WITH CONFIDENTIAL SOFTWARE OR HARDWARE ELEMENTS |
US6834270B1 (en) * | 2000-02-28 | 2004-12-21 | Carlo Pagani | Secured financial transaction system using single use codes |
JP2001308850A (en) * | 2000-03-31 | 2001-11-02 | Internatl Business Mach Corp <Ibm> | Method and device for connecting to network by communication terminal device |
KR100369535B1 (en) * | 2000-04-07 | 2003-01-29 | 주식회사 디지털씨큐 | Apparatus for memorizing log data through tele-communication and method there of |
JP3456191B2 (en) * | 2000-04-20 | 2003-10-14 | 日本電気株式会社 | Mobile communication terminal |
KR20090116813A (en) * | 2000-04-24 | 2009-11-11 | 비자 인터내셔날 써비스 어쏘시에이션 | Online payer authentication service |
US20020040438A1 (en) * | 2000-05-05 | 2002-04-04 | Fisher David Landis | Method to securely load and manage multiple applications on a conventional file system smart card |
JP2001337925A (en) * | 2000-05-25 | 2001-12-07 | Nec Gumma Ltd | User authentication device and business transaction system using it |
US6970853B2 (en) * | 2000-06-06 | 2005-11-29 | Citibank, N.A. | Method and system for strong, convenient authentication of a web user |
FR2810139B1 (en) * | 2000-06-08 | 2002-08-23 | Bull Cp8 | METHOD FOR SECURING THE PRE-INITIALIZATION PHASE OF AN ON-BOARD ELECTRONIC CHIP SYSTEM, ESPECIALLY A CHIP CARD, AND ON-BOARD SYSTEM IMPLEMENTING THE METHOD |
FR2810481B1 (en) * | 2000-06-20 | 2003-04-04 | Gemplus Card Int | CONTROL OF ACCESS TO A DATA PROCESSING MEANS |
JP2002007932A (en) * | 2000-06-21 | 2002-01-11 | Nec Corp | Data sale prompt settlement method and prepaid card |
KR20020000961A (en) * | 2000-06-23 | 2002-01-09 | 백영삼 | A wireless authentication method using mobile telecommunication system |
MXPA02011695A (en) * | 2000-06-28 | 2004-02-12 | Holdings Ltd G | Transaction system with portable personal device for transaction identification and control. |
KR20020004366A (en) * | 2000-07-05 | 2002-01-16 | 구승엽 | Electronic authentication system |
AU2001286464A1 (en) * | 2000-08-14 | 2002-02-25 | Peter H. Gien | System and method for secure smartcard issuance |
WO2002032064A1 (en) * | 2000-09-08 | 2002-04-18 | Tallent Guy S | System and method for providing authorization and other services |
WO2002021409A1 (en) * | 2000-09-08 | 2002-03-14 | Tallent Guy S | System and method for transparently providing certificate validation and other services within an electronic transaction |
US7257839B2 (en) * | 2000-09-26 | 2007-08-14 | Nxp B.V. | Calculation of identifier codes distributed among pan devices |
JP2002117361A (en) * | 2000-10-06 | 2002-04-19 | Hitachi Ltd | Electronic account settlement method and electronic account settlement system |
AU2002239500A1 (en) * | 2000-10-20 | 2002-06-03 | Wave Systems Corporation | Cryptographic data security system and method |
KR100353731B1 (en) | 2000-11-01 | 2002-09-28 | (주)니트 젠 | User authenticating system and method using one-time fingerprint template |
AU2002226599A1 (en) * | 2000-11-03 | 2002-05-15 | Tomas Mulet Valles | A method to carry out economic transactions through a telecommunications network |
US20020141593A1 (en) * | 2000-12-11 | 2002-10-03 | Kurn David Michael | Multiple cryptographic key linking scheme on a computer system |
AU2002222194A1 (en) * | 2000-12-14 | 2002-06-24 | Assendon Limited | An authentication system |
KR100382880B1 (en) * | 2000-12-28 | 2003-05-09 | 한컴씨큐어 주식회사 | Authentication system and method using one-time password mechanism |
JP2002259344A (en) * | 2001-02-28 | 2002-09-13 | Mitsubishi Electric Corp | One-time password authentication system, portable telephone and user identification server |
KR100553309B1 (en) * | 2001-03-02 | 2006-02-20 | 송우아이엔티 주식회사 | System and method for intermediating credit information, and storage media having program source thereof |
AU2001258694A1 (en) * | 2001-03-16 | 2002-10-03 | G. Holdings Ltd. | System and method for replacing identification data on a portable transaction device |
FR2823398B1 (en) * | 2001-04-04 | 2003-08-15 | St Microelectronics Sa | EXTRACTION OF PRIVATE DATA FOR AUTHENTICATION OF AN INTEGRATED CIRCUIT |
KR20030097847A (en) * | 2001-05-02 | 2003-12-31 | 시큐젠 코포레이션 | Authenticating user on computer network for biometric information |
KR20020090375A (en) * | 2001-05-23 | 2002-12-05 | 안현기 | card reading device, payment/authentication system using the card reading device |
FR2825213B1 (en) * | 2001-05-28 | 2004-01-16 | Scrypto Systems | USER AUTHENTICATION SYSTEM |
FR2825873A1 (en) * | 2001-06-11 | 2002-12-13 | St Microelectronics Sa | PROTECTED STORAGE OF DATA IN AN INTEGRATED CIRCUIT |
US8001054B1 (en) * | 2001-07-10 | 2011-08-16 | American Express Travel Related Services Company, Inc. | System and method for generating an unpredictable number using a seeded algorithm |
KR100451541B1 (en) * | 2001-07-10 | 2004-10-08 | (주)니트 젠 | Method of providing user interface via web |
WO2003012714A1 (en) * | 2001-07-31 | 2003-02-13 | Karen Elizabeth Courtney | A security system for transactions |
US8281129B1 (en) * | 2001-08-29 | 2012-10-02 | Nader Asghari-Kamrani | Direct authentication system and method via trusted authenticators |
US7356837B2 (en) * | 2001-08-29 | 2008-04-08 | Nader Asghari-Kamrani | Centralized identification and authentication system and method |
US7444676B1 (en) | 2001-08-29 | 2008-10-28 | Nader Asghari-Kamrani | Direct authentication and authorization system and method for trusted network of financial institutions |
US7779267B2 (en) | 2001-09-04 | 2010-08-17 | Hewlett-Packard Development Company, L.P. | Method and apparatus for using a secret in a distributed computing system |
KR20030022568A (en) * | 2001-09-11 | 2003-03-17 | 김명현 | Method and system for generating temporary identification and password and accessing web site by using the same |
KR20010099413A (en) * | 2001-09-26 | 2001-11-09 | 최문현 | authentication device for PDA |
JP3668175B2 (en) * | 2001-10-24 | 2005-07-06 | 株式会社東芝 | Personal authentication method, personal authentication device, and personal authentication system |
JP4045777B2 (en) * | 2001-10-30 | 2008-02-13 | 株式会社日立製作所 | Information processing device |
WO2003038702A1 (en) * | 2001-10-31 | 2003-05-08 | Takako Jogu | Electronic settlement apparatus and method thereof |
JP2003216037A (en) * | 2001-11-16 | 2003-07-30 | Yazaki Corp | Cipher key, enciphering device, enciphering/deciphering device, cipher key management device, and deciphering device |
US20030145203A1 (en) * | 2002-01-30 | 2003-07-31 | Yves Audebert | System and method for performing mutual authentications between security tokens |
US20030163694A1 (en) * | 2002-02-25 | 2003-08-28 | Chaing Chen | Method and system to deliver authentication authority web services using non-reusable and non-reversible one-time identity codes |
US7899753B1 (en) * | 2002-03-25 | 2011-03-01 | Jpmorgan Chase Bank, N.A | Systems and methods for time variable financial authentication |
ATE313130T1 (en) * | 2002-03-25 | 2005-12-15 | Tds Todos Data System Ab | SYSTEM AND METHOD FOR USER AUTHENTICATION IN A DIGITAL COMMUNICATIONS SYSTEM |
US7472423B2 (en) * | 2002-03-27 | 2008-12-30 | Tvworks, Llc | Method and apparatus for anonymously tracking TV and internet usage |
EP1504424B1 (en) * | 2002-05-10 | 2008-09-10 | Prism Technologies LLC | An authentication token |
GB0210692D0 (en) * | 2002-05-10 | 2002-06-19 | Assendon Ltd | Smart card token for remote authentication |
US7370350B1 (en) * | 2002-06-27 | 2008-05-06 | Cisco Technology, Inc. | Method and apparatus for re-authenticating computing devices |
US7885896B2 (en) | 2002-07-09 | 2011-02-08 | Avaya Inc. | Method for authorizing a substitute software license server |
US8041642B2 (en) | 2002-07-10 | 2011-10-18 | Avaya Inc. | Predictive software license balancing |
WO2004008711A2 (en) * | 2002-07-15 | 2004-01-22 | Nokia Corporation | An ipv6 address ownership authentification based on zero-knowledge identification protocols or based on one time password |
JP2004072214A (en) * | 2002-08-02 | 2004-03-04 | Sharp Corp | Electronic seal, ic card, authentication system for personal identification, and mobile apparatus |
US20040107170A1 (en) * | 2002-08-08 | 2004-06-03 | Fujitsu Limited | Apparatuses for purchasing of goods and services |
US7349871B2 (en) * | 2002-08-08 | 2008-03-25 | Fujitsu Limited | Methods for purchasing of goods and services |
US7822688B2 (en) * | 2002-08-08 | 2010-10-26 | Fujitsu Limited | Wireless wallet |
US7606560B2 (en) * | 2002-08-08 | 2009-10-20 | Fujitsu Limited | Authentication services using mobile device |
US7801826B2 (en) * | 2002-08-08 | 2010-09-21 | Fujitsu Limited | Framework and system for purchasing of goods and services |
US7353382B2 (en) * | 2002-08-08 | 2008-04-01 | Fujitsu Limited | Security framework and protocol for universal pervasive transactions |
US7784684B2 (en) * | 2002-08-08 | 2010-08-31 | Fujitsu Limited | Wireless computer wallet for physical point of sale (POS) transactions |
US7770212B2 (en) * | 2002-08-15 | 2010-08-03 | Activcard | System and method for privilege delegation and control |
US7216363B2 (en) * | 2002-08-30 | 2007-05-08 | Avaya Technology Corp. | Licensing duplicated systems |
US7228567B2 (en) * | 2002-08-30 | 2007-06-05 | Avaya Technology Corp. | License file serial number tracking |
US7698225B2 (en) * | 2002-08-30 | 2010-04-13 | Avaya Inc. | License modes in call processing |
US7966520B2 (en) * | 2002-08-30 | 2011-06-21 | Avaya Inc. | Software licensing for spare processors |
US7707116B2 (en) * | 2002-08-30 | 2010-04-27 | Avaya Inc. | Flexible license file feature controls |
US7681245B2 (en) * | 2002-08-30 | 2010-03-16 | Avaya Inc. | Remote feature activator feature extraction |
KR100477670B1 (en) * | 2002-09-26 | 2005-03-18 | 삼성전자주식회사 | Monitor for security using smart card and method thereof |
US20040078339A1 (en) * | 2002-10-22 | 2004-04-22 | Goringe Christopher M. | Priority based licensing |
US7266838B2 (en) * | 2002-10-31 | 2007-09-04 | Hewlett-Packard Development Company, L.P. | Secure resource |
US7895443B2 (en) * | 2002-11-05 | 2011-02-22 | Safenet, Inc. | Secure authentication using hardware token and computer fingerprint |
KR20020092311A (en) * | 2002-11-13 | 2002-12-11 | 톤스텝 주식회사 | User authentication with a secret card embedded in a mobile unit |
US20040103290A1 (en) * | 2002-11-22 | 2004-05-27 | Mankins David P. | System and method for controlling the right to use an item |
JP4256670B2 (en) * | 2002-12-10 | 2009-04-22 | 富士通株式会社 | Capacitor element, semiconductor device and manufacturing method thereof |
US7890997B2 (en) * | 2002-12-26 | 2011-02-15 | Avaya Inc. | Remote feature activation authentication file system |
JP2006518140A (en) * | 2003-01-31 | 2006-08-03 | アクサルト・エス・アー | Communication between smart card and server |
US7260557B2 (en) * | 2003-02-27 | 2007-08-21 | Avaya Technology Corp. | Method and apparatus for license distribution |
SG121759A1 (en) * | 2003-02-28 | 2006-05-26 | Data Security Systems Solution | A system and method for authenticating identities over remote channels |
JP4536330B2 (en) * | 2003-03-06 | 2010-09-01 | ソニー株式会社 | Data processing apparatus and method |
US7190948B2 (en) * | 2003-03-10 | 2007-03-13 | Avaya Technology Corp. | Authentication mechanism for telephony devices |
US7373657B2 (en) * | 2003-03-10 | 2008-05-13 | Avaya Technology Corp. | Method and apparatus for controlling data and software access |
US20040181696A1 (en) * | 2003-03-11 | 2004-09-16 | Walker William T. | Temporary password login |
JP4300832B2 (en) * | 2003-03-14 | 2009-07-22 | ソニー株式会社 | Data processing apparatus, method thereof and program thereof |
JP2004302921A (en) * | 2003-03-31 | 2004-10-28 | Toshiba Corp | Device authenticating apparatus using off-line information and device authenticating method |
US7694330B2 (en) * | 2003-05-23 | 2010-04-06 | Industrial Technology Research Institute | Personal authentication device and system and method thereof |
JP2005011151A (en) * | 2003-06-20 | 2005-01-13 | Renesas Technology Corp | Memory card |
JP2005025337A (en) * | 2003-06-30 | 2005-01-27 | Sony Corp | Appliance registration system, appliance registration server, appliance registration method, appliance registration program, storage medium and terminal appliance |
US20050050330A1 (en) * | 2003-08-27 | 2005-03-03 | Leedor Agam | Security token |
JP2007506392A (en) * | 2003-09-22 | 2007-03-15 | イムプシス ディジタル セキュリティ アクチボラゲット | Data communication security mechanisms and methods |
WO2005059793A1 (en) * | 2003-12-01 | 2005-06-30 | Hyungmin Kim | Electronic settlement system and method using serial number including identification of software, contents or electronic information, and computer-readable recording medium for recording program for performing the method |
US8060745B2 (en) * | 2003-12-16 | 2011-11-15 | Seiko Epson Corporation | Security for wireless transmission |
JP4540353B2 (en) * | 2004-01-23 | 2010-09-08 | 三菱電機株式会社 | Authentication system and terminal device |
US7877605B2 (en) * | 2004-02-06 | 2011-01-25 | Fujitsu Limited | Opinion registering application for a universal pervasive transaction framework |
US7353388B1 (en) | 2004-02-09 | 2008-04-01 | Avaya Technology Corp. | Key server for securing IP telephony registration, control, and maintenance |
JP4036838B2 (en) * | 2004-03-12 | 2008-01-23 | インターナショナル・ビジネス・マシーンズ・コーポレーション | Security device, information processing device, method executed by security device, method executed by information processing device, program executable for executing the method, and ticket system |
US7308250B2 (en) * | 2004-03-16 | 2007-12-11 | Broadcom Corporation | Integration of secure identification logic into cell phone |
US7539860B2 (en) * | 2004-03-18 | 2009-05-26 | American Express Travel Related Services Company, Inc. | Single use user IDS |
US7272500B1 (en) | 2004-03-25 | 2007-09-18 | Avaya Technology Corp. | Global positioning system hardware key for software licenses |
DE102005008258A1 (en) * | 2004-04-07 | 2005-10-27 | Giesecke & Devrient Gmbh | Data carrier with TAN generator and display |
FR2869486B1 (en) * | 2004-04-21 | 2007-08-31 | Oberthur Card Syst Sa | SECURE DATA PROCESSING METHOD AND DEVICE THEREFOR |
US7734929B2 (en) * | 2004-04-30 | 2010-06-08 | Hewlett-Packard Development Company, L.P. | Authorization method |
JP2005316856A (en) * | 2004-04-30 | 2005-11-10 | Toshiba Corp | Information processor, starting method thereof, and starting program thereof |
US7725926B1 (en) * | 2004-08-23 | 2010-05-25 | Hewlett-Packard Development Company, L.P. | Authentication |
JP2006067174A (en) * | 2004-08-26 | 2006-03-09 | Fujitsu Ltd | Control program, communication relay device control method, and communication relay device and system |
US7707405B1 (en) | 2004-09-21 | 2010-04-27 | Avaya Inc. | Secure installation activation |
US7965701B1 (en) | 2004-09-30 | 2011-06-21 | Avaya Inc. | Method and system for secure communications with IP telephony appliance |
US8229858B1 (en) | 2004-09-30 | 2012-07-24 | Avaya Inc. | Generation of enterprise-wide licenses in a customer environment |
US7747851B1 (en) | 2004-09-30 | 2010-06-29 | Avaya Inc. | Certificate distribution via license files |
KR20070050504A (en) * | 2004-10-15 | 2007-05-15 | 베리사인 인코포레이티드 | One time password |
US7571489B2 (en) * | 2004-10-20 | 2009-08-04 | International Business Machines Corporation | One time passcode system |
US20060107067A1 (en) * | 2004-11-15 | 2006-05-18 | Max Safal | Identification card with bio-sensor and user authentication method |
WO2006066999A2 (en) * | 2004-12-22 | 2006-06-29 | International Business Machines Corporation | Method, system and computer program product for handling data |
GB2423175A (en) * | 2005-02-15 | 2006-08-16 | Paul Baker | Payment system |
US7549922B2 (en) * | 2005-03-17 | 2009-06-23 | Atronic International Gmbh | Software security for gaming devices |
CN100431384C (en) * | 2005-04-12 | 2008-11-05 | 中国电信股份有限公司 | Method for preventing PHS terminal from being parallel operated unauthorizedly |
US8266441B2 (en) * | 2005-04-22 | 2012-09-11 | Bank Of America Corporation | One-time password credit/debit card |
US20070005963A1 (en) * | 2005-06-29 | 2007-01-04 | Intel Corporation | Secured one time access code |
US7748031B2 (en) * | 2005-07-08 | 2010-06-29 | Sandisk Corporation | Mass storage device with automated credentials loading |
CN101233469B (en) | 2005-07-21 | 2013-06-05 | 克莱夫公司 | Memory lock system |
KR100752393B1 (en) * | 2005-07-22 | 2007-08-28 | 주식회사 엘립시스 | Token and method for personal authentication |
US8181232B2 (en) * | 2005-07-29 | 2012-05-15 | Citicorp Development Center, Inc. | Methods and systems for secure user authentication |
FR2890201A1 (en) * | 2005-08-31 | 2007-03-02 | Proton World Internatinal Nv | Digital data e.g. music files, storing method for e.g. digital floppy disk, involves encrypting digital data using symmetric algorithm with encryption key independent to recorder, and transferring key onto physical medium or microcircuit |
US7814023B1 (en) | 2005-09-08 | 2010-10-12 | Avaya Inc. | Secure download manager |
KR100964036B1 (en) * | 2005-09-09 | 2010-06-15 | 주식회사 에스원 | Reader and rf card decoding method using the reader |
NO324315B1 (en) * | 2005-10-03 | 2007-09-24 | Encap As | Method and system for secure user authentication at personal data terminal |
US8245292B2 (en) * | 2005-11-16 | 2012-08-14 | Broadcom Corporation | Multi-factor authentication using a smartcard |
ES2363165T3 (en) * | 2005-12-01 | 2011-07-22 | Vodafone Holding Gmbh | GENERATION OF CUSTOMER IDENTITIES IN A COMMUNICATION SYSTEM. |
US7904946B1 (en) | 2005-12-09 | 2011-03-08 | Citicorp Development Center, Inc. | Methods and systems for secure user authentication |
US9002750B1 (en) | 2005-12-09 | 2015-04-07 | Citicorp Credit Services, Inc. (Usa) | Methods and systems for secure user authentication |
US9768963B2 (en) | 2005-12-09 | 2017-09-19 | Citicorp Credit Services, Inc. (Usa) | Methods and systems for secure user authentication |
FR2895608B1 (en) * | 2005-12-23 | 2008-03-21 | Trusted Logic Sa | METHOD FOR MAKING A SECURED COUNTER ON AN ON-BOARD COMPUTER SYSTEM HAVING A CHIP CARD |
US8934865B2 (en) * | 2006-02-02 | 2015-01-13 | Alcatel Lucent | Authentication and verification services for third party vendors using mobile devices |
US8171542B2 (en) * | 2006-02-13 | 2012-05-01 | Honeywell International Inc. | Advanced encryption standard to provide hardware key interface |
FR2897488B1 (en) * | 2006-02-16 | 2008-04-11 | Digimedia Interactivite Soc Pa | METHOD OF PUBLIC KEY CERTIFICATION BY A NON-ACCREDITED PROVIDER |
US20070214364A1 (en) * | 2006-03-07 | 2007-09-13 | Roberts Nicole A | Dual layer authentication system for securing user access to remote systems and associated methods |
US9258124B2 (en) | 2006-04-21 | 2016-02-09 | Symantec Corporation | Time and event based one time password |
KR100645401B1 (en) * | 2006-05-01 | 2006-11-15 | 주식회사 미래테크놀로지 | Time sync type otp generation device in mobile phone and generation method |
KR100734724B1 (en) | 2006-05-03 | 2007-07-02 | 주식회사 신한은행 | Mobile devices and program recording medium |
KR100737173B1 (en) * | 2006-05-09 | 2007-07-10 | 경북대학교 산학협력단 | One time passwrod generator and the authentication apparatus using said one time password generator |
US9769158B2 (en) * | 2006-06-07 | 2017-09-19 | Red Hat, Inc. | Guided enrollment and login for token users |
FR2902253B1 (en) * | 2006-06-13 | 2009-04-03 | Ingenico Sa | METHOD AND DEVICE FOR AUTHENTICATING A USER |
CN101101687B (en) * | 2006-07-05 | 2010-09-01 | 山谷科技有限责任公司 | Method, apparatus, server and system using biological character for identity authentication |
US20080010453A1 (en) * | 2006-07-06 | 2008-01-10 | Laurence Hamid | Method and apparatus for one time password access to portable credential entry and memory storage devices |
JP2008015877A (en) * | 2006-07-07 | 2008-01-24 | Fujitsu Ltd | Authentication system and method |
DE102006034536A1 (en) * | 2006-07-26 | 2008-01-31 | Carl Zeiss Meditec Ag | Method for generating access data for a medical device |
DE102006034535A1 (en) * | 2006-07-26 | 2008-01-31 | Carl Zeiss Meditec Ag | Method for generating a one-time access code |
US8166532B2 (en) * | 2006-10-10 | 2012-04-24 | Honeywell International Inc. | Decentralized access control framework |
CN101554005A (en) | 2006-10-11 | 2009-10-07 | 国际签证服务协会 | Method and system for processing micropayment transactions |
US10068220B2 (en) | 2006-10-11 | 2018-09-04 | Visa International Service Association | Systems and methods for brokered authentication express seller links |
US20100223184A1 (en) * | 2006-10-11 | 2010-09-02 | Visa International Service Association | Sponsored Accounts For Computer-Implemented Payment System |
US8050665B1 (en) | 2006-10-20 | 2011-11-01 | Avaya Inc. | Alert reminder trigger by motion-detector |
US9125144B1 (en) | 2006-10-20 | 2015-09-01 | Avaya Inc. | Proximity-based feature activation based on programmable profile |
US9251637B2 (en) | 2006-11-15 | 2016-02-02 | Bank Of America Corporation | Method and apparatus for using at least a portion of a one-time password as a dynamic card verification value |
JP2008158778A (en) * | 2006-12-22 | 2008-07-10 | Fujitsu Ltd | Personal identification program, method, and system |
US8615662B2 (en) * | 2007-01-31 | 2013-12-24 | Microsoft Corporation | Password authentication via a one-time keyboard map |
US8590024B2 (en) * | 2007-02-01 | 2013-11-19 | The Boeing Company | Method for generating digital fingerprint using pseudo random number code |
US7866551B2 (en) | 2007-02-15 | 2011-01-11 | Visa U.S.A. Inc. | Dynamic payment device characteristics |
GB2442249B (en) * | 2007-02-20 | 2008-09-10 | Cryptomathic As | Authentication device and method |
EP2034458A3 (en) | 2007-03-09 | 2009-09-02 | ActivIdentity, Inc. | One-time passwords |
US8002193B2 (en) | 2007-03-12 | 2011-08-23 | Visa U.S.A. Inc. | Payment card dynamically receiving power from external source |
US20080249947A1 (en) * | 2007-04-09 | 2008-10-09 | Potter Eric R | Multi-factor authentication using a one time password |
JP4973292B2 (en) * | 2007-04-10 | 2012-07-11 | 大日本印刷株式会社 | Authentication device, authentication program, authentication system, password generation device, portable security device, and password generation program |
KR100914771B1 (en) * | 2007-05-09 | 2009-09-01 | 주식회사 웰비아닷컴 | System and method for security using one-time execution code |
US20090037729A1 (en) * | 2007-08-03 | 2009-02-05 | Lawrence Smith | Authentication factors with public-key infrastructure |
US20090106826A1 (en) * | 2007-10-19 | 2009-04-23 | Daniel Palestrant | Method and system for user authentication using event triggered authorization events |
US20090172165A1 (en) * | 2007-12-27 | 2009-07-02 | Kabushiki Kaisha Toshiba | Information Processing Apparatus and Information Processing System |
US20090183246A1 (en) * | 2008-01-15 | 2009-07-16 | Authlogic Inc. | Universal multi-factor authentication |
JP5513410B2 (en) * | 2008-01-18 | 2014-06-04 | アイデントラスト, インコーポレイテッド | Binding digital certificates to multiple trust domains |
US20090220075A1 (en) * | 2008-02-28 | 2009-09-03 | Akros Techlabs, Llc | Multifactor authentication system and methodology |
US8321929B2 (en) * | 2008-03-24 | 2012-11-27 | Dell Products L.P. | System and method for implementing a one time password at an information handling system |
US20090319789A1 (en) * | 2008-04-14 | 2009-12-24 | Larry Wendell Wilson | Encrypted portable medical history system |
US10008067B2 (en) * | 2008-06-16 | 2018-06-26 | Visa U.S.A. Inc. | System and method for authorizing financial transactions with online merchants |
KR20100021818A (en) * | 2008-08-18 | 2010-02-26 | 한국전자통신연구원 | Method for authentication using one-time identification information and system |
US7827108B2 (en) * | 2008-11-21 | 2010-11-02 | Visa U.S.A. Inc. | System and method of validating a relationship between a user and a user account at a financial institution |
US20100226526A1 (en) * | 2008-12-31 | 2010-09-09 | Modro Sierra K | Mobile media, devices, and signaling |
US20100174913A1 (en) * | 2009-01-03 | 2010-07-08 | Johnson Simon B | Multi-factor authentication system for encryption key storage and method of operation therefor |
US10289826B2 (en) * | 2009-03-03 | 2019-05-14 | Cybrsecurity Corporation | Using hidden secrets and token devices to control access to secure systems |
US20100241865A1 (en) * | 2009-03-19 | 2010-09-23 | Chunghwa Telecom Co., Ltd | One-Time Password System Capable of Defending Against Phishing Attacks |
US9715681B2 (en) | 2009-04-28 | 2017-07-25 | Visa International Service Association | Verification of portable consumer devices |
US8326759B2 (en) * | 2009-04-28 | 2012-12-04 | Visa International Service Association | Verification of portable consumer devices |
CA2665961C (en) * | 2009-05-12 | 2013-01-22 | Diversinet Corp. | Method and system for delivering a command to a mobile device |
US9105027B2 (en) | 2009-05-15 | 2015-08-11 | Visa International Service Association | Verification of portable consumer device for secure services |
US9038886B2 (en) | 2009-05-15 | 2015-05-26 | Visa International Service Association | Verification of portable consumer devices |
US8893967B2 (en) | 2009-05-15 | 2014-11-25 | Visa International Service Association | Secure Communication of payment information to merchants using a verification token |
US8602293B2 (en) | 2009-05-15 | 2013-12-10 | Visa International Service Association | Integration of verification tokens with portable computing devices |
US7891560B2 (en) | 2009-05-15 | 2011-02-22 | Visa International Service Assocation | Verification of portable consumer devices |
US10846683B2 (en) | 2009-05-15 | 2020-11-24 | Visa International Service Association | Integration of verification tokens with mobile communication devices |
US8534564B2 (en) | 2009-05-15 | 2013-09-17 | Ayman Hammad | Integration of verification tokens with mobile communication devices |
US8280788B2 (en) | 2009-10-29 | 2012-10-02 | Visa International Service Association | Peer-to-peer and group financial management systems and methods |
US20110106674A1 (en) * | 2009-10-29 | 2011-05-05 | Jeffrey William Perlman | Optimizing Transaction Scenarios With Automated Decision Making |
US8676639B2 (en) * | 2009-10-29 | 2014-03-18 | Visa International Service Association | System and method for promotion processing and authorization |
US8332325B2 (en) | 2009-11-02 | 2012-12-11 | Visa International Service Association | Encryption switch processing |
US10255591B2 (en) | 2009-12-18 | 2019-04-09 | Visa International Service Association | Payment channel returning limited use proxy dynamic value |
US8352312B2 (en) * | 2010-02-12 | 2013-01-08 | Es&S Innovations, Llc | System and method for controlling actions taken on voting devices |
WO2011121566A1 (en) * | 2010-03-31 | 2011-10-06 | Paytel Inc. | A method for mutual authentication of a user and service provider |
US8839415B2 (en) | 2011-02-01 | 2014-09-16 | Kingston Technology Corporation | Blank smart card device issuance system |
AU2012225684B2 (en) | 2011-03-04 | 2016-11-10 | Visa International Service Association | Integration of payment capability into secure elements of computers |
US9292840B1 (en) | 2011-04-07 | 2016-03-22 | Wells Fargo Bank, N.A. | ATM customer messaging systems and methods |
US9087428B1 (en) | 2011-04-07 | 2015-07-21 | Wells Fargo Bank, N.A. | System and method for generating a customized user interface |
US9589256B1 (en) | 2011-04-07 | 2017-03-07 | Wells Fargo Bank, N.A. | Smart chaining |
US9203617B2 (en) * | 2011-08-17 | 2015-12-01 | Vixs Systems, Inc. | Secure provisioning of integrated circuits at various states of deployment, methods thereof |
GB2495704B (en) | 2011-10-12 | 2014-03-26 | Technology Business Man Ltd | ID Authentication |
US10282724B2 (en) | 2012-03-06 | 2019-05-07 | Visa International Service Association | Security system incorporating mobile device |
JP5962354B2 (en) * | 2012-09-06 | 2016-08-03 | 株式会社リコー | Information processing apparatus, program, and system |
CN103810431A (en) * | 2012-11-15 | 2014-05-21 | 鸿富锦精密工业(深圳)有限公司 | Password protection system and method |
US9323909B1 (en) * | 2012-12-07 | 2016-04-26 | Emc Corporation | Sharing a cryptographic device by partitioning challenge-response space |
EP3019992B1 (en) * | 2013-07-08 | 2020-04-29 | Assa Abloy AB | One-time-password generated on reader device using key read from personal security device |
US9922322B2 (en) | 2013-12-19 | 2018-03-20 | Visa International Service Association | Cloud-based transactions with magnetic secure transmission |
CN105830107A (en) | 2013-12-19 | 2016-08-03 | 维萨国际服务协会 | Cloud-based transactions methods and systems |
EP2924914A1 (en) * | 2014-03-25 | 2015-09-30 | Gemalto SA | Method to manage a one time password key |
US9332008B2 (en) * | 2014-03-28 | 2016-05-03 | Netiq Corporation | Time-based one time password (TOTP) for network authentication |
AU2015264124B2 (en) | 2014-05-21 | 2019-05-09 | Visa International Service Association | Offline authentication |
KR101812464B1 (en) * | 2014-06-11 | 2018-01-30 | 주식회사 슈프리마 | Creation and authentication of biometric information by using watermark |
CN104038933A (en) * | 2014-06-16 | 2014-09-10 | 彭卫 | Encryption and authentication management method of mobile web |
EP2963855A1 (en) * | 2014-07-04 | 2016-01-06 | Gemalto SA | Synchronization method for synchronizing a peripheral function. |
US9775029B2 (en) | 2014-08-22 | 2017-09-26 | Visa International Service Association | Embedding cloud-based functionalities in a communication device |
US10255429B2 (en) | 2014-10-03 | 2019-04-09 | Wells Fargo Bank, N.A. | Setting an authorization level at enrollment |
US9473490B2 (en) * | 2014-10-13 | 2016-10-18 | Wells Fargo Bank, N.A. | Bidirectional authentication |
US10187363B2 (en) | 2014-12-31 | 2019-01-22 | Visa International Service Association | Hybrid integration of software development kit with secure execution environment |
CZ2015474A3 (en) * | 2015-07-07 | 2017-02-08 | Aducid S.R.O. | The method of communication authentication of the authentication device and at least one authentication server using a local factor |
US20170180360A1 (en) * | 2015-12-22 | 2017-06-22 | Centre For Development Of Advanced Computing (Cdac) | System for securing user identity information and a device thereof |
DE102016213189A1 (en) * | 2016-07-19 | 2018-01-25 | Thales Deutschland Gmbh | Method for operating an automatic security system, device for deactivating a security measure of an automatic security system, and safety-critical system |
US11895240B2 (en) * | 2016-12-15 | 2024-02-06 | Nec Corporation | System, apparatus, method and program for preventing illegal distribution of an access token |
US10387632B2 (en) | 2017-05-17 | 2019-08-20 | Bank Of America Corporation | System for provisioning and allowing secure access to a virtual credential |
US10574650B2 (en) | 2017-05-17 | 2020-02-25 | Bank Of America Corporation | System for electronic authentication with live user determination |
US10887090B2 (en) * | 2017-09-22 | 2021-01-05 | Nec Corporation | Scalable byzantine fault-tolerant protocol with partial tee support |
JP6828960B2 (en) * | 2018-02-28 | 2021-02-10 | Necプラットフォームズ株式会社 | Communication devices, management servers, security systems, control methods and programs |
JP7049933B2 (en) * | 2018-06-11 | 2022-04-07 | 株式会社日立製作所 | Jurisdiction management device and rights information management system |
EP3828799A4 (en) * | 2018-08-09 | 2022-06-08 | SSenStone Inc. | User authentication method and system using virtual authentication code |
US11392933B2 (en) * | 2019-07-03 | 2022-07-19 | Capital One Services, Llc | Systems and methods for providing online and hybridcard interactions |
US11509738B2 (en) * | 2019-07-18 | 2022-11-22 | Dell Products L.P. | System for migration of data from legacy computer system using wireless peer-to-peer connection |
Family Cites Families (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4317957A (en) * | 1980-03-10 | 1982-03-02 | Marvin Sendrow | System for authenticating users and devices in on-line transaction networks |
JPH0762854B2 (en) * | 1985-03-05 | 1995-07-05 | カシオ計算機株式会社 | IC card system |
JPH0762862B2 (en) * | 1985-09-17 | 1995-07-05 | カシオ計算機株式会社 | Authentication method in IC card system |
JP2698588B2 (en) * | 1987-11-13 | 1998-01-19 | 株式会社東芝 | Portable electronic devices |
JPH0378082A (en) * | 1989-08-21 | 1991-04-03 | Hitachi Ltd | Reservation transaction processing method |
JP2724008B2 (en) * | 1989-12-01 | 1998-03-09 | 沖電気工業株式会社 | Personal identification processing system and personal identification processing method |
US5036461A (en) * | 1990-05-16 | 1991-07-30 | Elliott John C | Two-way authentication system between user's smart card and issuer-specific plug-in application modules in multi-issued transaction device |
FR2665279A1 (en) * | 1990-07-24 | 1992-01-31 | Aschenbroich Yves | Process for protecting portable cards containing information in memory and device for its implementation |
EP0504364B1 (en) * | 1990-08-29 | 1997-10-15 | Hughes Aircraft Company | Distributed user authentication protocol |
US5657388A (en) * | 1993-05-25 | 1997-08-12 | Security Dynamics Technologies, Inc. | Method and apparatus for utilizing a token for resource access |
US5224162A (en) * | 1991-06-14 | 1993-06-29 | Nippon Telegraph And Telephone Corporation | Electronic cash system |
EP0566811A1 (en) * | 1992-04-23 | 1993-10-27 | International Business Machines Corporation | Authentication method and system with a smartcard |
FR2705810B1 (en) * | 1993-05-26 | 1995-06-30 | Gemplus Card Int | Chip card chip provided with a means of limiting the number of authentications. |
JP3053527B2 (en) * | 1993-07-30 | 2000-06-19 | インターナショナル・ビジネス・マシーンズ・コーポレイション | Method and apparatus for validating a password, method and apparatus for generating and preliminary validating a password, method and apparatus for controlling access to resources using an authentication code |
EP0673178B1 (en) * | 1994-03-17 | 2005-02-16 | Kokusai Denshin Denwa Co., Ltd | Authentication method for mobile communications |
US5604803A (en) * | 1994-06-03 | 1997-02-18 | Sun Microsystems, Inc. | Method and apparatus for secure remote authentication in a public network |
1996
- 1996-10-05 KR KR1019960044125A patent/KR100213188B1/en not_active IP Right Cessation

1997
- 1997-10-02 FR FR9712272A patent/FR2754411B1/en not_active Expired - Fee Related
- 1997-10-03 JP JP27143797A patent/JPH10171909A/en active Pending
- 1997-10-05 CN CNB971200408A patent/CN1197030C/en not_active Expired - Fee Related
- 1997-10-06 US US08/944,918 patent/US6067621A/en not_active Expired - Fee Related
- 1997-10-06 DE DE19744106A patent/DE19744106B4/en not_active Expired - Fee Related
- 1997-10-06 GB GB9721224A patent/GB2317983B/en not_active Expired - Fee Related
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100343830C (en) * | 1998-07-16 | 2007-10-17 | 索尼公司 | Data storage equipment and data storage method |
CN100352172C (en) * | 2001-10-24 | 2007-11-28 | 中兴通讯股份有限公司 | Method of implementing two kind hand set compatible right discrimination mode in personal hand set system |
CN1417741B (en) * | 2001-11-03 | 2011-05-11 | 李灵 | Two-way enciphering magnetic card anti-fake method |
US8966276B2 (en) | 2003-09-12 | 2015-02-24 | Emc Corporation | System and method providing disconnected authentication |
CN100432889C (en) * | 2003-09-12 | 2008-11-12 | Rsa安全公司 | System and method providing disconnected authentication |
WO2005041480A1 (en) * | 2003-10-29 | 2005-05-06 | Hui Lin | A method of mail server landing security certification and ic card certification hardware |
WO2005041481A1 (en) * | 2003-10-29 | 2005-05-06 | Hui Lin | A method of internet clearance security certification and ic card certification hardware |
CN1961523B (en) * | 2004-02-23 | 2010-04-14 | 弗里塞恩公司 | Token provision |
CN101800637B (en) * | 2004-02-23 | 2012-07-11 | 弗里塞恩公司 | Token provisioning |
CN101273378A (en) * | 2005-08-11 | 2008-09-24 | 维萨国际服务协会 | Method and system for performing two factor mutual authentication |
CN101394411B (en) * | 2008-11-12 | 2011-08-17 | 北京飞天诚信科技有限公司 | Safe packet transmission system and method |
CN102272768B (en) * | 2009-01-05 | 2015-07-08 | 飞思卡尔半导体公司 | Method, system and integrated circuit for enabling access to a memory element |
CN103475463A (en) * | 2013-08-19 | 2013-12-25 | 华为技术有限公司 | Encryption realization method and apparatus |
CN103475463B (en) * | 2013-08-19 | 2017-04-05 | 华为技术有限公司 | Encryption implementation method and device |
Also Published As
Publication number | Publication date |
---|---|
US6067621A (en) | 2000-05-23 |
GB9721224D0 (en) | 1997-12-03 |
GB2317983A (en) | 1998-04-08 |
KR100213188B1 (en) | 1999-08-02 |
DE19744106A1 (en) | 1998-04-09 |
GB2317983B (en) | 2000-06-28 |
JPH10171909A (en) | 1998-06-26 |
FR2754411A1 (en) | 1998-04-10 |
CN1197030C (en) | 2005-04-13 |
FR2754411B1 (en) | 2002-11-15 |
DE19744106B4 (en) | 2007-11-29 |
KR19980025834A (en) | 1998-07-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN1197030C (en) | Apparatus for authenticating user and method therefor | |
US5657388A (en) | Method and apparatus for utilizing a token for resource access | |
CN107925581B (en) | Biometric authentication system and authentication server | |
CN1922845B (en) | Token authentication system and method | |
CN100483994C (en) | System, portable device and method for digital authenticating, crypting and signing by generating short-lived encrypted key | |
US6904526B1 (en) | System and method of authenticating individuals | |
US20080201576A1 (en) | Information Processing Server And Information Processing Method | |
US20020138769A1 (en) | System and process for conducting authenticated transactions online | |
CN104321777B (en) | Public identifier is generated to verify the personal method for carrying identification object | |
CN108900298B (en) | Quantum cipher watermark-based private block chain honest node authentication access method | |
JP2005010826A (en) | Authentication terminal device, biometrics information authentication system and biometrics information acquisition system | |
JP2002543668A (en) | Highly Secure Biometric Authentication Using Public / Private Key Encryption Pairs | |
CN103679436A (en) | Electronic contract security system and method based on biological information identification | |
CA2636453A1 (en) | Multisystem biometric token | |
CA2273859A1 (en) | Authenticating system with microcircuit card | |
CA2465227A1 (en) | Method and apparatus for securely transmitting and authenticating biometric data over a network | |
WO2004061786A2 (en) | Methods and apparatus for credential validation | |
EP3915221B1 (en) | Offline interception-free interaction with a cryptocurrency network using a network-disabled device | |
JP2003134107A (en) | System, method and program for individual authentication | |
CN103248629B (en) | Identity registration system | |
Najera et al. | Security Mechanisms and Access Control Infrastructure for e-Passports and General Purpose e-Documents. | |
Hardjono et al. | Applications of smartcards for anonymous and verifiable databases | |
Rubika et al. | Execution of IoT System using Blockchain with Authentication and Data Protection | |
EP3491575A1 (en) | Method and system for the authentic determination of the identity of an electronic document with itself at a later date or with a copy thereof | |
Costa et al. | E-Services in Mission-Critical Organizations: Identification Enforcement. | |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20050413 Termination date: 20141005 | |
EXPY | Termination of patent right or utility model | ||